10331882

Tracking and Managing Virtual Desktops Using Signed Tokens

Published: June 25, 2019
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
20 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method comprising: receiving, by a server computing device comprising at least one processor and a communication interface, via the communication interface, a first registration message from a first virtual machine; determining, by the server computing device, a state of the first virtual machine based on token information associated with the first registration message received from the first virtual machine; and updating, by the server computing device, virtual machine state information records maintained by the server computing device based on the state of the first virtual machine determined by the server computing device, wherein the virtual machine state information records maintained by the server computing device identify one or more tainted virtual machines and one or more untainted virtual machines, wherein the server computing device is configured to select virtual machines for brokered virtual desktop sessions based on the virtual machine state information records maintained by the server computing device, and wherein a broker agent service executing on the first virtual machine is configured to delete a signed token maintained by the first virtual machine in response to determining that the first virtual machine has been tainted.

2. The method of claim 1, wherein determining the state of the first virtual machine based on the token information associated with the first registration message received from the first virtual machine comprises determining whether the first virtual machine is tainted.

3. The method of claim 2, wherein determining whether the first virtual machine is tainted comprises: determining that the first virtual machine is not tainted based on validating a signed token included in the token information associated with the first registration message.

4. The method of claim 2, wherein determining whether the first virtual machine is tainted comprises: determining that the first virtual machine is tainted based on failing to validate a signed token included in the token information associated with the first registration message.

5. The method of claim 2, wherein determining whether the first virtual machine is tainted comprises: determining that the first virtual machine is tainted based on determining that the token information associated with the first registration message does not include a signed token.

6. The method of claim 2, wherein updating the virtual machine state information records maintained by the server computing device comprises updating the virtual machine state information records maintained by the server computing device to mark the first virtual machine as tainted based on determining that the first virtual machine is tainted.

7. The method of claim 2, wherein updating the virtual machine state information records maintained by the server computing device comprises updating the virtual machine state information records maintained by the server computing device to mark the first virtual machine as untainted based on determining that the first virtual machine is not tainted.

8. The method of claim 1, comprising: receiving, by the server computing device, via the communication interface, a second registration message from a second virtual machine; determining, by the server computing device, a state of the second virtual machine based on second token information associated with the second registration message received from the second virtual machine; and updating, by the server computing device, the virtual machine state information records maintained by the server computing device based on the state of the second virtual machine determined by the server computing device.

9. The method of claim 1, wherein the token information associated with the first registration message comprises a signed token associated with a disk image used to boot the first virtual machine.

10. The method of claim 1, wherein the token information associated with the first registration message comprises a signed token provided to the first virtual machine by a second server computing device different from the server computing device during a provisioning process.

11. The method of claim 1, wherein the broker agent service executing on the first virtual machine is configured to determine that the first virtual machine has been tainted in response to receiving a prepare session message from a desktop delivery controller.

12. The method of claim 1, wherein the broker agent service executing on the first virtual machine is configured to determine that the first virtual machine has been tainted in response to determining that the first virtual machine has initiated an unbrokered session.

13. The method of claim 1, wherein prior to sending the first registration message to the server computing device, the first virtual machine deleted the signed token maintained by the first virtual machine in response to receiving a prepare session message from a second server computing device different from the server computing device.

14. The method of claim 1, wherein the first virtual machine is configured to send the first registration message to the server computing device in response to detecting that a second server computing device has failed.

15. The method of claim 1, wherein the server computing device is configured to execute a desktop delivery controller service that connects one or more user devices with one or more virtual machines executed on a virtualization platform.

16. The method of claim 1, comprising: receiving, by the server computing device, via the communication interface, a request to connect to a virtual desktop from a user device; in response to receiving the request to connect to the virtual desktop from the user device, selecting, by the server computing device, an untainted virtual machine based on the virtual machine state information records maintained by the server computing device; and initiating, by the server computing device, a brokered virtual desktop session between the user device and the untainted virtual machine, wherein initiating the brokered virtual desktop session between the user device and the untainted virtual machine comprises: sending a prepare session message to the untainted virtual machine; and after sending the prepare session message to the untainted virtual machine, connecting the user device to the untainted virtual machine.

17. The method of claim 16, wherein the untainted virtual machine is configured to delete a signed token maintained on the untainted virtual machine in response to receiving the prepare session message.

18. A server computing device comprising: at least one processor; a communication interface; and a memory storing instructions that, when executed by the at least one processor, cause the server computing device to: receive, via the communication interface, a first registration message from a first virtual machine; determine a state of the first virtual machine based on token information associated with the first registration message received from the first virtual machine; and update virtual machine state information records maintained by the server computing device based on the state of the first virtual machine determined by the server computing device, wherein the virtual machine state information records maintained by the server computing device identify one or more tainted virtual machines and one or more untainted virtual machines, wherein the server computing device is configured to select virtual machines for brokered virtual desktop sessions based on the virtual machine state information records maintained by the server computing device, and wherein a broker agent service executing on the first virtual machine is configured to delete a signed token maintained by the first virtual machine in response to determining that the first virtual machine has been tainted.

19. The server computing device of claim 18, wherein the broker agent service executing on the first virtual machine is configured to determine that the first virtual machine has been tainted in response to receiving a prepare session message from a desktop delivery controller.

20. One or more non-transitory computer-readable media storing instructions that, when executed by a server computing device comprising at least one processor and a communication interface, cause the server computing device to: receive, via the communication interface, a first registration message from a first virtual machine; determine a state of the first virtual machine based on token information associated with the first registration message received from the first virtual machine; and update virtual machine state information records maintained by the server computing device based on the state of the first virtual machine determined by the server computing device, wherein the virtual machine state information records maintained by the server computing device identify one or more tainted virtual machines and one or more untainted virtual machines, wherein the server computing device is configured to select virtual machines for brokered virtual desktop sessions based on the virtual machine state information records maintained by the server computing device, and wherein a broker agent service executing on the first virtual machine is configured to delete a signed token maintained by the first virtual machine in response to determining that the first virtual machine has been tainted.
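
As an added illustration (not code from the patent or from any product), the registration, taint-marking and selection flow of claims 1 to 17 can be sketched as below. The HMAC signing scheme, the shared key, the message fields and all class and function names are assumptions, since the claims do not specify them.

```python
import hashlib
import hmac

SIGNING_KEY = b"constructed-demo-key"  # assumption: known to provisioning server and controllers

def sign_token(image_id):
    """Provisioning side: issue a token tied to the boot disk image (claims 9, 10)."""
    mac = hmac.new(SIGNING_KEY, image_id.encode(), hashlib.sha256).hexdigest()
    return f"{image_id}.{mac}"

def token_valid(token):
    """Controller side: a missing or unverifiable token both fail (claims 4, 5)."""
    if not token or "." not in token:
        return False
    image_id, mac = token.rsplit(".", 1)
    expected = hmac.new(SIGNING_KEY, image_id.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac.encode(), expected.encode())

class BrokerAgent:
    """Runs on the VM and holds the signed token until the VM is tainted."""
    def __init__(self, vm_id, token):
        self.vm_id, self.token = vm_id, token

    def registration_message(self):
        return {"vm_id": self.vm_id, "token": self.token}

    def on_prepare_session(self):       # claims 11 and 17: delete the token
        self.token = None

    def on_unbrokered_session(self):    # claim 12: delete the token
        self.token = None

class DeliveryController:
    """Keeps the tainted/untainted records and selects VMs from them."""
    def __init__(self):
        self.records = {}               # vm_id -> "tainted" | "untainted"

    def register(self, msg):
        state = "untainted" if token_valid(msg.get("token")) else "tainted"
        self.records[msg["vm_id"]] = state
        return state

    def broker_session(self, agents):
        for vm_id, state in sorted(self.records.items()):
            if state == "untainted":
                agents[vm_id].on_prepare_session()  # prepare session, then connect (claim 16)
                self.records[vm_id] = "tainted"     # assumption: record updated on use
                return vm_id
        return None
```

Because the token is deleted on the VM itself, a second controller that starts with empty records after a failover (claim 14) still classifies a used VM as tainted when it re-registers.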

Patent Metadata

Filing Date

Unknown

Publication Date

June 25, 2019

Inventors

Leo C. Singleton
William T.G. Charnell
Sebastian Tomasz Amrogowicz
Andrew John Ogle
Sheldon Ferdinand Lachambre

Cite as: Patentable. “Tracking and Managing Virtual Desktops Using Signed Tokens” (10331882). https://patentable.app/patents/10331882
